> ## Documentation Index
> Fetch the complete documentation index at: https://docs.clarityq.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# User Management and Roles

> Invite teammates, assign roles, and control who can do what across your products.

User management is where you invite teammates to ClarityQ, set what each person can do, and remove access when someone leaves. The page lives under **Settings → User Management**.

## Inviting Users

If your organization signs in with **email/password or Google**, click **Invite User** and enter the email address. The invitee receives an email and is added to the organization once they accept.

If your organization uses **SSO**, the **Invite User** button is hidden — the **SSO Enabled** badge appears instead. New teammates are provisioned automatically the first time they sign in through your identity provider.

## Roles

Every user has an **org-wide role** that applies across all products by default. You can override a user's role per product when their responsibilities differ in different parts of the business.

| Role                    | What it can do                                                                                                                                 |
| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
| **Admin**               | Full control — manage users and roles, edit every catalog component, configure integrations, and use Ask Anything.                             |
| **Integration Manager** | Connect data warehouses and manage the Table Catalog. Cannot edit semantic components or chat.                                                 |
| **Analyst Contributor** | Read and write across all catalogs (Table, Event, Semantic), use Ask Anything, build dashboards and automations.                               |
| **Analyst**             | Same as Analyst Contributor but **read-only** in the Semantic Catalog — useful when you want analysts to use definitions without editing them. |
| **Business User**       | Read access to catalogs, full Ask Anything, dashboards, and automations. Cannot edit definitions.                                              |

<Note>
  Roles are fixed — they can't be renamed or customized. If your organization needs a different mix of permissions, assign the closest fit or reach out for guidance.
</Note>

### Context Builder Access

Editing the Context Layer happens in the [Context Builder](/context-layer/building/how-the-context-layer-builder-works), which requires write access to the Semantic Catalog. By default the following roles can open the Builder, hold the lock, and deploy changes:

* **Admin**
* **Analyst Contributor**

**Analyst**, **Integration Manager**, and **Business User** can read the published Context Layer but can't open the Builder. Per-product overrides apply here too — a user can have Builder access in one product without having it across the org.

The Builder is also gated by a feature flag per product. If the **Context Builder** entry doesn't appear in your sidebar even though your role permits it, contact ClarityQ to enable it for the product.

## Per-Product Overrides

When a user's role differs between products, edit their row and assign a per-product role. The User Management table shows **+N overrides** next to anyone with non-default roles in some products.

## Removing Users

Deleting a user removes their access immediately. Their conversations, saved queries, dashboards, and other personal content are permanently deleted — there's no recovery.

<Warning>
  Deletion cascades. If a user is the only owner of a dashboard or saved query the rest of the team relies on, transfer ownership or duplicate the asset before removing them.
</Warning>

## API Keys

For programmatic access — for example, calling ClarityQ from your data pipeline — generate an API key under **Settings → API**. Keys are scoped to a single product and inherit the permissions of the user who created them. You can create new keys, see when each was last used, and revoke any key at any time.
